On Thu, Jun 24, 2010 at 07:09:37AM -0400, Stephen Gallagher wrote:
> On 06/24/2010 04:04 AM, Alexander Gordeev wrote:
> > Sumit Bose<sb...@redhat.com> wrote:
> >> thank you for the patch. You are right adding an explicit attribute list
> >> here. I have checked the related RFC 4512 and found in section 5.1:
> >>
> >> "It is noted that root DSE attributes are operational and, like other
> >> operational attributes, are not returned in search requests unless
> >> requested by name."
> >>
> >> The idea behind the root DSE search is to find out which features are
> >> supported by the server. This is not restricted to SASL mechanisms, but
> >> should also include LDAP controls, extensions etc. Would you mind adding
> >> at least the attributes mentioned in the RFC, namely:
> >>
> >> - altServer
> >> - namingContexts
> >> - supportedControl
> >> - supportedExtension
> >> - supportedFeatures
> >> - supportedLDAPVersion
> >> - supportedSASLMechanisms
> >>
> >> Maybe Stephen or Simo also know about other root DSE attributes which
> >> might be specific to openLDAP or 389DS (formerly known as Fedora
> >> Directory Server (FDS)) and we want to include here.
> >
> > Sure, I can add them. Maybe it's better to use just '+' as attribute
> > list? '+' means we'll get all operational attributes. Or even '*' '+',
> > which means we'll get both regular and operational attrs?
> >
>
> I think this makes more sense, yes. Let's go with '*' '+' here.
>
> Thank you for finding this, Alexander!

sorry, but I cannot find the '+' in the current rfc
http://tools.ietf.org/html/rfc4511 . In section 4.5.1.8 it is said:

"
There are three special cases that may appear in the attributes
selection list:

1. An empty list with no attributes requests the return of all
   user attributes.

2. A list containing "*" (with zero or more attribute
   descriptions) requests the return of all user attributes in
   addition to other listed (operational) attributes.

3. A list containing only the OID "1.1" indicates that no
   attributes are to be returned. If "1.1" is provided with other
   attributeSelector values, the "1.1" attributeSelector is
   ignored. This OID was chosen because it does not (and can not)
   correspond to any attribute in use.
"

So I think we have to request the operational attributes explicitly.

bye,
Sumit

> --
> Stephen Gallagher
> RHCE 804006346421761
>
> Delivering value year after year.
> Red Hat ranks #1 in value among software vendors.
> http://www.redhat.com/promo/vendor/
> _______________________________________________
> sssd-devel mailing list
> sssd-devel@lists.fedorahosted.org
> https://fedorahosted.org/mailman/listinfo/sssd-devel
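
Added example, not part of the original thread and not SSSD code: a small Python model of the three RFC 4511 section 4.5.1.8 selection rules quoted above, applied to constructed sample entries. It assumes a server that implements only those three rules, so any selector they do not name (including '+') is treated as unrecognised and matches nothing; `select_attributes`, `ROOT_DSE` and `USER_ENTRY` are hypothetical names.

```python
NO_ATTRS = "1.1"  # RFC 4511 4.5.1.8, special case 3

# Attributes the thread asks for by name (RFC 4512 section 5.1).
RFC_ROOT_DSE_ATTRS = ["altServer", "namingContexts", "supportedControl",
                      "supportedExtension", "supportedFeatures",
                      "supportedLDAPVersion", "supportedSASLMechanisms"]

# Constructed sample entries: name -> (values, is_operational).
ROOT_DSE = {
    "namingContexts": (["dc=example,dc=com"], True),
    "supportedControl": (["1.2.840.113556.1.4.319"], True),
    "supportedLDAPVersion": (["3"], True),
    "supportedSASLMechanisms": (["GSSAPI", "EXTERNAL"], True),
}
USER_ENTRY = {
    "cn": (["Alice"], False),
    "uid": (["alice"], False),
    "createTimestamp": (["20100624110937Z"], True),
}

def select_attributes(entry, requested):
    """Attribute names returned under the three RFC 4511 4.5.1.8 rules only."""
    wanted = {a.lower() for a in requested}
    if wanted == {NO_ATTRS}:          # case 3: "1.1" alone, return nothing
        return []
    wanted.discard(NO_ATTRS)          # "1.1" next to other selectors is ignored
    all_user = not wanted or "*" in wanted   # cases 1 and 2
    selected = []
    for name, (_values, is_operational) in entry.items():
        # Named attributes are returned; user attributes also when all_user is set.
        if name.lower() in wanted or (all_user and not is_operational):
            selected.append(name)
    return sorted(selected)  # unrecognised selectors such as "+" match nothing

if __name__ == "__main__":
    for attrs in ([], ["*"], ["+"], ["*", "+"], RFC_ROOT_DSE_ATTRS):
        print(attrs, "->", select_attributes(ROOT_DSE, attrs))
```

Under this model only the explicit list returns anything from the root DSE, because every attribute there is operational; on an ordinary entry '*' still returns the user attributes.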